How to Securely Erase an SSD Without Damaging the Drive

The process of securely wiping a drive, that is, removing every bit of the data it contains and scrambling its content enough to protect the information stored on the drive from prying eyes, is fairly well understood for old-fashioned spinning hard drives. SSDs, on the other hand, can be adversely affected by the techniques used on hard drives: overwriting data locations multiple times with random data or specific data patterns.

To make matters worse, at least from a security standpoint, even after overwriting data on an SSD, it’s possible that some of the original information is still present on the drive.

Which brings us to the question: Can you securely erase an SSD without damaging the drive, and make sure that all of the information is no longer recoverable?

We originally looked at the changes High Sierra brought to performing a secure wipe. In this Rocket Yard article, we’re going to further explore how to securely wipe an SSD.

SSD Architecture
As we said above, the process of securely wiping a hard drive is fairly well understood. The linear nature of data storage on a spinning drive, along with the ability to access and read, write, and erase data at all active storage locations, makes the sanitization process pretty easy, though sometimes time-consuming. Essentially, you need to erase the volume and partition maps, and then overwrite each data location using a random or specific data pattern.

The number of times data is written, and the data pattern used for the secure wipe, allow the sanitization process to meet specific security requirements, including those set forth by the DOD or other government agencies.

SSDs, on the other hand, don’t use a linear storage convention, nor are the storage locations directly addressable. Instead, SSDs use a number of mapping layers that hide the physical layout of the flash-based memory and help manage flash memory data integrity and lifetime. Collectively, these layers are referred to as the flash translation layer (FTL).

SSDs are also overprovisioned; they contain a bit more flash memory than what they’re rated for. This extra memory is used internally by the FTL as empty data blocks for use when data needs to be rewritten, and as out-of-band sections for use in the logical-to-physical mapping.

The mapping layers, and how the flash controller manages memory allocation, mean that neither erasing the drive nor performing a conventional hard-drive-style secure erase guarantees that all data is overwritten, or even erased at all.

One example of how data gets left behind intact comes from how an SSD handles updates. When you edit a document and save the changes, the saved changes don’t overwrite the original data, as an in-place update would. Instead, SSDs write the new content to an empty data block and then update the logical-to-physical map to point to the new location. This leaves the space the original data occupied on the SSD marked as free, but the actual data is left intact. In time, the data marked as free will be reclaimed by the SSD’s garbage collection system, but until then, the data could be recovered.

Because of the FTL and how an SSD actually writes data, a conventional secure erase, as used with hard drives, is unable to access all of the SSD’s memory locations, which could lead to intact data being left behind.
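
The out-of-place writes and overprovisioning described above can be seen in a small model. This Python sketch is an added example, not code from the original article or from any SSD vendor; the ToySSD class, its page-level garbage collection, and the sample data are constructed assumptions that greatly simplify a real FTL.

```python
"""Toy page-level FTL model (constructed for illustration, not a real SSD)."""

class ToySSD:
    def __init__(self, logical_blocks, spare_blocks):
        # Overprovisioning: more physical pages than addressable blocks.
        self.physical = [None] * (logical_blocks + spare_blocks)
        self.l2p = {}                                 # logical block -> physical page
        self.free = list(range(len(self.physical)))   # erased pages
        self.stale = []                               # superseded, not yet erased

    def write(self, lba, data):
        if not self.free:
            self._garbage_collect()
        page = self.free.pop(0)
        self.physical[page] = data        # new data always lands on an empty page
        old = self.l2p.get(lba)
        if old is not None:
            self.stale.append(old)        # marked free, but contents stay intact
        self.l2p[lba] = page

    def _garbage_collect(self):
        # Simplification: real controllers reclaim whole erase blocks.
        for page in self.stale:
            self.physical[page] = None
            self.free.append(page)
        self.stale = []

    def read(self, lba):
        page = self.l2p.get(lba)
        return None if page is None else self.physical[page]

    def raw_flash(self):
        # Chip-level view that bypasses the FTL mapping.
        return list(self.physical)

def overwrite_demo():
    ssd = ToySSD(logical_blocks=4, spare_blocks=2)
    for lba in range(4):
        ssd.write(lba, f"secret-{lba}")
    for lba in range(4):                  # hard-drive-style single overwrite pass
        ssd.write(lba, "0000")
    visible = [ssd.read(lba) for lba in range(4)]
    leftover = [d for d in ssd.raw_flash() if d and d.startswith("secret")]
    return visible, leftover

if __name__ == "__main__":
    visible, leftover = overwrite_demo()
    print("through the FTL:", visible)
    print("still in flash: ", leftover)
```

In this model the host reads back only the overwrite pattern from every addressable block, while two of the original blocks remain in pages it cannot address until garbage collection reclaims them.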